From eef81d7409452866e44671c49c4dd3b94c0b5a49 Mon Sep 17 00:00:00 2001
From: Matt
Date: Thu, 7 Aug 2025 14:05:14 +0200
Subject: [PATCH] fix: enforce secure cookie setting for session management

---
 server/api/auth/direct-login.post.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/api/auth/direct-login.post.ts b/server/api/auth/direct-login.post.ts
index fd95695..a4c4185 100644
--- a/server/api/auth/direct-login.post.ts
+++ b/server/api/auth/direct-login.post.ts
@@ -321,7 +321,7 @@ export default defineEventHandler(async (event) => {
 // Use Nuxt's setCookie helper directly with the encrypted value
 setCookie(event, 'monacousa-session', encrypted, {
 httpOnly: true,
- secure: process.env.NODE_ENV === 'production',
+ secure: true,
 sameSite: 'lax',
 maxAge,
 path: '/',
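Review bot: The hard-coded `secure: true` in the `setCookie` options carries no comment explaining why the `NODE_ENV` check was dropped, and it changes behaviour on any non-TLS origin: browsers refuse to store a Secure cookie delivered over plain HTTP (most make an exception for localhost only), so a login against an HTTP staging or LAN host would now succeed server-side but never establish a session. I would add a comment above the option, e.g. `// Always Secure: the session cookie must never travel over plain HTTP, regardless of NODE_ENV`, and state the HTTPS requirement in the deployment notes. Any other handler that sets or refreshes `monacousa-session` (none is visible in this hunk) should use the same flags, otherwise a re-issue without Secure would undo this fix. The options object and the handler both continue outside the hunk, so whether a `domain` is set cannot be checked from here.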